{"id":4577,"date":"2022-06-20T15:38:18","date_gmt":"2022-06-20T15:38:18","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=4577"},"modified":"2023-09-22T07:40:59","modified_gmt":"2023-09-22T07:40:59","slug":"notepad-backdoor-italian-systems-redlinestealer","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/uncategorized-it\/notepad-backdoor-italian-systems-redlinestealer\/","title":{"rendered":"Notepad++: Malware in Software \u2013 Part 1 \u00a0"},"content":{"rendered":"\n<p>In <strong>June 2022<\/strong>, a Malware campaign was analyzed (<a href=\"https:\/\/www.linkedin.com\/posts\/dino-barlattani-10bba11a9_notepad-malware-activity-6944169908653981696-Wtja?utm_source=linkedin_share&amp;utm_medium=member_desktop_web\">report<\/a>) that exploits <a href=\"https:\/\/ads.google.com\/\"><strong>Google Ads<\/strong><\/a> and <strong>SEO Poisoning<\/strong> techniques to distribute the <strong>RedLine Stealer<\/strong> malware in the form of a <strong>Notepad++ installer<\/strong> (<a href=\"https:\/\/attack.mitre.org\/techniques\/T1189\/\">Drive-By Compromise<\/a>; <strong>tactic:<\/strong> <a href=\"https:\/\/fortgale.com\/threats\/#accesso-iniziale\">Initial Access)<\/a>.<\/p>\n\n\n\n<p>The target of the campaign is <strong>Italian systems and IT technical departments<\/strong>. In fact, <strong>2686 systems<\/strong> were compromised by RedLine and put up for sale in the last 90 days (average price $10).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"615\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2-1024x615.png\" alt=\"\" class=\"wp-image-4673\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2-1024x615.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2-300x180.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2-768x461.png 768w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2-1536x922.png 1536w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/mappa_redline_compromissioni-2.png 1651w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" loading=\"lazy\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/2022\/06\/20\/notepad-backdoor\/isp\/\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" width=\"1024\" height=\"578\" data-id=\"4674\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-1024x578.png\" alt=\"\" class=\"wp-image-4674\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-1024x578.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-300x169.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-768x434.png 768w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-1536x867.png 1536w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/ISP-2048x1157.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">ISP with most compromises<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/2022\/06\/20\/notepad-backdoor\/sistemi-operativi\/\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" width=\"1024\" height=\"750\" data-id=\"4675\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi-1024x750.png\" alt=\"\" class=\"wp-image-4675\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi-1024x750.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi-300x220.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi-768x563.png 768w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi-1536x1125.png 1536w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/sistemi-operativi.png 1906w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">Compromised Operating Systems<\/figcaption><\/figure>\n<\/figure>\n\n\n\n<p>The victim, once the installation file is started, unknowingly runs the <strong>RedLine Stealer Malware<\/strong>. <\/p>\n\n\n\n<p>Some considerations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RedLine is one of the most active Malware<\/li>\n\n\n\n<li>the victim systems are sold in 2 different <strong>Black Markets<\/strong><\/li>\n\n\n\n<li>There are around 15 seller accounts<\/li>\n\n\n\n<li>average selling price per seat: $10<\/li>\n\n\n\n<li><strong>2686 Italian<\/strong> systems put on sale in the last 90 days<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-medium is-resized\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1-300x300.png\" alt=\"Notepad++ Backdoor\" class=\"wp-image-4609\" style=\"width:589px;height:589px\" width=\"589\" height=\"589\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1-300x300.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1-1024x1024.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1-150x150.png 150w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1-768x768.png 768w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/POST-LINKEDIN-5-1.png 1200w\" sizes=\"(max-width: 589px) 100vw, 589px\" loading=\"lazy\" \/><\/figure>\n<\/div>\n\n\n<h3 class=\"wp-block-heading\">Hopw to defend:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>activating a specialist service for protection from <strong>Cyber Attack <\/strong>(<a href=\"https:\/\/fortgale.com\/mdr\">More Info<\/a>)<\/li>\n\n\n\n<li>applying a perimeter lock for the notepad-edit-text[.]org domain (removing [ ])<\/li>\n\n\n\n<li>paying more attention to the websites used to download software to install on company systems<\/li>\n\n\n\n<li>perform threat hunting activities to search for potential compromises<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What NOT to do:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>apply perimeter blocking for IP addresses (presence of Cloudflare CDN)<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>uninstall legitimate versions of Notepad++ software<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>prevent access to official Notepad++ software websites<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">SEO Poisoning<\/h3>\n\n\n\n<p>SEO poisoning, or search poisoning, is an offensive technique in which criminals create malicious websites and make them appear among the top results of search engines. In this way it is possible to create an offensive campaign targeted for specific victims who search for certain keywords.<\/p>\n\n\n\n<p>The attackers&#8217; aim is to convince the victim to download malicious software.<\/p>\n\n\n\n<h1 class=\"wp-block-heading has-text-align-center\" id=\"h-website-analysis\">Website Analysis<\/h1>\n\n\n\n<p>By searching &#8220;notepad++&#8221; using the Google search engine, the advertising banner appears:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image.png\" alt=\"\" class=\"wp-image-4578\" style=\"width:709px;height:108px\" width=\"709\" height=\"108\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image.png 709w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-300x46.png 300w\" sizes=\"(max-width: 709px) 100vw, 709px\" loading=\"lazy\" \/><figcaption class=\"wp-element-caption\"><em>Real example of advertising on a malicious site<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p>The website appears to be a copy of the original version of Notepad++. Inside, at the path <strong>https:\/\/notepad-edit-text[.]org\/downloads<\/strong>, there is a list of previous versions, but the related links are not working and return the <strong>error code 404.<\/strong><\/p>\n\n\n\n<p>The only working link for downloading the malicious software is the one relating to <strong>version 8.4.1.<\/strong><\/p>\n\n\n\n<p>The Threat Actor mistakenly maintained a defunct link to &#8220;<strong>https:\/\/notepad-plus-plus.apps4p[.]org\/<\/strong>&#8220;<\/p>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-2 is-cropped wp-block-gallery-2 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1351\" height=\"684\" data-id=\"4579\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1.png\" alt=\"Fake Homepage\" class=\"wp-image-4579\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1.png 1351w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1-300x152.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1-1024x518.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-1-768x389.png 768w\" sizes=\"(max-width: 1351px) 100vw, 1351px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">Fake Homepage<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1361\" height=\"666\" data-id=\"4580\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2.png\" alt=\"Fake Download\" class=\"wp-image-4580\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2.png 1361w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2-300x147.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2-1024x501.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-2-768x376.png 768w\" sizes=\"(max-width: 1361px) 100vw, 1361px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">Fake Download<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"1363\" height=\"681\" data-id=\"4582\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4.png\" alt=\"Malware download\" class=\"wp-image-4582\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4.png 1363w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4-300x150.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4-1024x512.png 1024w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-4-768x384.png 768w\" sizes=\"(max-width: 1363px) 100vw, 1363px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">Backdoored Notepad<\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-5.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" width=\"918\" height=\"689\" data-id=\"4584\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-5.png\" alt=\"Offline website\" class=\"wp-image-4584\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-5.png 918w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-5-300x225.png 300w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-5-768x576.png 768w\" sizes=\"(max-width: 918px) 100vw, 918px\" loading=\"lazy\" \/><\/a><figcaption class=\"wp-element-caption\">Other Website<\/figcaption><\/figure>\n<\/figure>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\" id=\"h-domains-analysis\">Domains Analysis<\/h2>\n\n\n\n<p>The <strong>notepad-edit-text[.]org<\/strong> domain was registered on <strong>May 23, 2022<\/strong>, currently protected by the Cloudflare service which masks its real origin addresses.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-14.png\" alt=\"Fake Notepad infrastructure 1\" class=\"wp-image-4617\" style=\"width:420px;height:349px\" width=\"420\" height=\"349\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-14.png 404w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-14-300x250.png 300w\" sizes=\"(max-width: 420px) 100vw, 420px\" loading=\"lazy\" \/><figcaption class=\"wp-element-caption\"><em>notepad-edit-text[.]org<\/em> Graph<\/figcaption><\/figure>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"406\" height=\"356\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-15.png\" alt=\"Fake Notepad infrastructure 1\" class=\"wp-image-4618\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-15.png 406w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-15-300x263.png 300w\" sizes=\"(max-width: 406px) 100vw, 406px\" loading=\"lazy\" \/><figcaption class=\"wp-element-caption\"><em>notepad-plus-plus.apps4p[.]org<\/em> Graph<\/figcaption><\/figure>\n<\/div><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<p>It is not possible to obtain useful information from the <strong>WHOIS<\/strong> of the sites:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<pre class=\"wp-block-preformatted\">Registry Registrant ID: REDACTED FOR PRIVACY\nRegistrant Name: REDACTED FOR PRIVACY\nRegistrant Organization: unknown\nRegistrant Street: REDACTED FOR PRIVACY\nRegistrant City: REDACTED FOR PRIVACY\nRegistrant State\/Province: VA\nRegistrant Postal Code: REDACTED FOR PRIVACY\nRegistrant Country: US\nRegistrant Phone: REDACTED FOR PRIVACY\nRegistrant Phone Ext: REDACTED FOR PRIVACY\nRegistrant Fax: REDACTED FOR PRIVACY\nRegistrant Fax Ext: REDACTED FOR PRIVACY<\/pre>\n\n\n\n<p>Info related to <strong>*-edit-text[.]org<\/strong><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<pre class=\"wp-block-preformatted\">Registry Registrant ID: REDACTED FOR PRIVACY\nRegistrant Name: REDACTED FOR PRIVACY\nRegistrant Organization: unknown\nRegistrant Street: REDACTED FOR PRIVACY\nRegistrant City: REDACTED FOR PRIVACY\nRegistrant State\/Province: VA\nRegistrant Postal Code: REDACTED FOR PRIVACY\nRegistrant Country: US\nRegistrant Phone: REDACTED FOR PRIVACY\nRegistrant Phone Ext: REDACTED FOR PRIVACY\nRegistrant Fax: REDACTED FOR PRIVACY\nRegistrant Fax Ext: REDACTED FOR PRIVACY<\/pre>\n\n\n\n<p>Info realted to <strong>*-plus-plus.apps4p[.]org<\/strong><\/p>\n<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Analisi del IP C2<\/h2>\n\n\n\n<p>The malware contacts the IP address <strong>194.36.177[.]124<\/strong> geolocated in Ukraine and previously associated with other operations attributable to Malware RedLine Stealer.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" width=\"463\" height=\"289\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2022\/06\/image-18.png\" alt=\"Command and Control\" class=\"wp-image-4636\" srcset=\"https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-18.png 463w, https:\/\/fortgale.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/06\/image-18-300x187.png 300w\" sizes=\"(max-width: 463px) 100vw, 463px\" loading=\"lazy\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-indicators-of-compromise-iocs\">Indicators of Compromise (IOCs)<\/h2>\n\n\n\n<p><strong>Malicious website domains:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>notepad-edit-text.org<\/li>\n\n\n\n<li>notepad-plus-plus.apps4p.org <\/li>\n<\/ul>\n\n\n\n<p><strong>C2 IP server addresses:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>194.36.177.124<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Fake Notepad usato per distribuire RedLine Stealer per mezzo di pubblicit\u00e0 Google Ads<\/p>\n","protected":false},"author":7,"featured_media":4673,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[954],"tags":[1475,1487],"class_list":["post-4577","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized-it","tag-backdoor-it","tag-redline-it"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=4577"}],"version-history":[{"count":56,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4577\/revisions"}],"predecessor-version":[{"id":7206,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4577\/revisions\/7206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media\/4673"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=4577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=4577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=4577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}